A fully functional exploit for the security vulnerability in the SMB2 protocol implementation has been published. It can be used to discover and attack vulnerable Windows machines remotely. By integrating the exploit into the Metasploit exploit toolkit, attackers have access to a wide range of attack options, ranging from issuing a warning to setting up a convenient backdoor on a user’s system.

Metasploit developer HD Moore said Monday that the exploit works on Windows Vista Service Pack 1 and 2 as well as Windows 2008 SP1 server. It should also work on Windows 2008 Service Pack 2, he added in a Twitter message.

Yesterday, I read about a new OS called Barrelfish in this article in OS news. It is a collaboration between researchers at ETH Zurich and Microsoft Research, an open source multikernel operating system. I liked the idea and decided to get it; I was pretty shocked when I was reading its README file and saw that the OS is created on Linux! As an OS related to Microsoft, I didn’t expect it!

Anyway, it seems that this project is not much related to Microsoft itself, so being developed under Linux is not that shocking!

Well, now I’m much more interested in the OS as I can investigate it in Linux.

My girlfriend, who is in no way interested in computers or open source, now complains about having to use Windows in university, because Ubuntu is so much easier and faster to use. I can imagine the same story is playing out all over the world. Hopefully at least

Desktop

Within the F/OSS community we frequently want to tout the virus-free nature of Ubuntu and how it’s free. In some ways I believe we’ve already converted most of the adventurous folks we can convert by using these arguments and randomly giving out LiveCDs

When I got back from doing that, I got a phone call from one of my sisters. I had given her my mom’s old machine with Ubuntu Linux installed on it, and she had a bunch of questions. I was able to answer all but two of them. Those two I had no experience with. Her first question was how do you install a printer driver on Linux? I had her bring up the Printers support dialog and her printer was already there. She was amazed, considering her experience with Windows on that subject.

Server

Update 5 for HP-UX has also embedded the open source Bastille security lockdown tool inside the HP-UX operating system. Since 2002, HP has offered it as an add-on, using the Linux version and making tweaks to graft it onto HP-UX. The latest iterations of Bastille allow it to automatically harden an operating system, locking down ports and other kinds of unauthorized access.

Kernel Space

There is a generic DRM renderer plug-in that was committed containing non-driver/hardware specific code and then following that was initial support for NVIDIA, Intel, and AMD hardware with this DRM plug-in.

Games

Desktop Environments

GNOME Shell’s ambiguous potential lies in the fact that it is an attempt to redraw the computer desktop. Since users neither seem greatly dissatisfied with the current state of the desktop nor in any agreement about how it could be improved, this departure is risky. Some users will undoubtedly reject it simply because it is different, no matter how innovative or useful it is, much as they did with KDE.

1. Boot time test: Time from press of power button to fully loaded desktop (including typing user name and password). Obviously not the most precise of tests, but timed with a digital stopwatch at least.

Ubuntu

We posted the video of the LinuxCon Shuttleworth keynote online. I think it’s important to note that live streaming and video archives were provided in partnership with the Linux Foundation. The Linux Foundation opted to make all the keynotes available for free in an effort to allow as many people as possible to participate in the first LinuxCon.

Phones

Google has angered the Android enthusiast community by sending a cease and desist notice to a third-party developer who is building a popular custom version of the open source platform. Google doesn’t want its proprietary bits included in cooked ROMs.

Kondik has responded to Google’s cease-and-desist letter by agreeing to develop a workaround, through which he will release a version of his Android-based framework minus Google applications, but allow anyone who has Google applications on, say, a phone, to reinstall them on his own software framework. That’s a creative solution.

Sub-notebooks

Netbooks have very much become an integral part of our hyperconnected lifestyles. These smaller computers slot right in between the functionality of a proper smartphone and a larger laptop, making them an affordable way to gain access to the “real” Internet without lugging around a big notebook. While a lot of people prefer to take the route of Windows or even a Hackintosh’d Mac OS X-powered netbook, the cheapest and least resource-heavy route is that of Linux.

Cybersource has packaged a bundle of open source software on CD that includes popular applications like Audacity, Celestia, Blender 3D, and OpenOffice. It also includes fun apps like Tux Paint and Battle for Wesnoth. Cybersource provides a pamphlet [PDF] that explains the CD’s contents and the concept of open source to potential donors, along with artwork for the CD and jewel case.

And just like PC vs. Mac, the open source vs. proprietary decision involves considerations that go beyond pure preference. Let’s discuss these considerations and look at how you can make a better decision for your company.

A software application that gives users the ability to compose and edit vector graphics images interactively on a computer is called a vector graphics editor. CorelDRAW and Adobe Illustrator are some of the most popular proprietary vector editors for Windows. But if you are looking for a capable free alternative that can also work on your Linux box, there are a lot to choose from.

The Microsoft programs would be ported to run on more architectures and processors. There would be native versions of MS Office, Visio, etc. running on Linux, BSD, Solaris and MacOS. I also think that Microsoft’s programs would get a thorough going over with a fine-toothed comb and become more efficient with many bugs and security problems being fixed. There would also be faster and more timely patches being released resulting in fewer zero-day exploits.

Mozilla today denied that it will “ribbonize” upcoming Windows versions of Firefox, saying that its plans to eliminate the traditional menu bar will result in something much less complicated than Microsoft’s often-derided user interface.

OpenOffice.org

66% responded that they agree or agree totally with this statement about the prototypes, whereas only 14% said they disagree or disagree totally. That means, that in these early stages of the project, conformity with user expectations is pretty good. From the comments (see Calc file), the live previews for formatting changes seem to have been especially well received.

All students and teachers in Lyngby-Taarbaek Municipality are now offered the free office suite OpenOffice. It may be the same, and students are not tempted into illegal downloads of Microsoft Office, says the CIO.

Licensing

One way to meet the intent of the LGPL is to provide the object code for your application and a makefile that re-links your object files with any updated Linux libraries covered under the LGPL. A better way to satisfy the LGPL is to use dynamic linking, in which your application and the library are separate entities, even though your application calls functions in the library when it runs. With dynamic linking, users immediately get the benefit of any updates to the libraries without ever having to re-link the application.

Openness

Open Source is the name for what used to be called the Free Software Movement. Their motto was free as in “freedom”, not free as in “beer”. It was a revolution in grassroots collaboration, and together, as a global team, sharing what they knew and building upon the work of their fellows, they created a computer operating system called Linux. The idea of the GNU license is that you can have it for free, use it, build on it, and even sell it, but you can’t turn around and be all proprietary about it. You, in turn, have to allow your work to be freely built upon.

Assuming that the second comma is a typo, and that Chiscolm actually demanded 1,784 billion trillion dollars, to my knowledge that is at least a new record for stupidly large lawsuit demands. In 2008, someone sued the federal government for more than three quadrillion dollars, but a quadrillion is only a thousand trillion. These days, maybe that just doesn’t seem like a lot of money to people.

I was so sure that I was missing something that I started asking around. “If you are confused, you are not alone,” one economist wrote back to me. “I have no idea why they are conflating short selling and naked short selling. Members of Congress are probably confused as well.”

Censorship/Web Abuse

On September 25, 2009, the Great Firewall of China blocked the public list of relays and directory authorities by simple IP address blocks. Currently, about 80% of the public relays are blocked by IP address and TCP port combination. Tor users are still connecting to the network through bridges. At the simplest level, bridges are non-public relays that don’t exit traffic, but instead send it on to the rest of the Tor network.

Local school boards face unexpected six-figure retroactive bills, after a decision by the Copyright Board of Canada.

For the Kawartha Pine Ridge District School Board, the retroactive bill amounts to $392,563. The Peterborough Victoria Northumberland and Clarington Catholic District School Board was hit with a bill for $157,499.

A U.S. judge in Los Angeles dismissed remaining claims by the estate of long-time Winnie the Pooh licensee Stephen Slesinger against the Walt Disney Co in a copyright infringement case, court documents showed on Monday.

It’s true that if you put your labor into an idea then you should be allowed to consume the fruits of it, but the only reason why you put that much labor into that idea (or innovation or discovery) is because you were excluded from using someone else’s labor. Intellectual Property is a classic solution created by the problem itself, just like everything else in the world done by the government.

What Kind Of Innovation Do Patents Encourage?

[...]

Petra Moser’s research comparing innovation in countries with patents to those without patents has shown that countries without patents tend to be just as innovative, but that the innovation takes different forms. Thus, patents tend to divert from the natural market of innovation to areas that are more easily “protectable.”

Of particular interest to us is the patentability of software, which according to Groklaw may finally be facing resistance from the United States government.

The Government Files its Bilski Brief: Argues For ‘Particular Machine or Transformation of Matter’ Test

[...]

What about software, then? I read the brief as sending a mixed message, or more accurately an unfinished one, and indeed the brief states that Bilski isn’t the right case to decide that issue anyway, since it’s about a method of hedging commodities trading without any computer connection.

I’m afraid I can’t make much sense out of what it says about software.

USTR: We Can’t Be Open About ACTA Because We Promised We Wouldn’t Be (*Lobbyists Not Included)

[...]

The USTR’s answer is really a convenient non-answer. It basically says that it can’t reveal the details because everybody promised not to do so. Of course, that doesn’t explain why so many lobbyists have such detailed access to the info, and why other countries have revealed the details of the negotiations.

On the one hand, there is good output coming from Mono, but on the other hand there is obvious advantage to Microsoft if this route is taken. GreyGeek has responded to this issue of attacks on “Free software”, noting that:

Diluting the meaning of Open Source and HIDING the GPL in a forest of several dozen pseudo GPL licenses which do NOT offer the FOUR FREEDOMS of the GPL has been the total business of the OSI, of which Microsoft is now a member. The OSI’s “compromise” to “go mainstream” was to allow the corporate member to monitor THEIR OWN COMPLIANCE with the “Open Source” requirements defined by the OSI, as weak as the OSI requirements are. It is ALL about MONEY, and the OSI is handing out Tux Suits for cash to proprietary software houses as they try to deceive the consumer about the meaning of the GPL and the Four Freedoms.

Moblin is the solution to the problem of Intel: providing a free, lightweight and powerful OS to sell cheaper netbooks and devices. This allows Microsoft to get out of the “bargain basement OS” market and to focus on a more expensive, higher end market with Windows 7. The differentiation between both OS is large enough to ensure that most people won’t buy a Moblin device to replace their computer but to complement it. It suits Microsoft better if consumers purchase a Windows 7 desktop AND a Moblin netbook than if they purchase only a cheap Windows XP netbook.

It is worth noting that Microsoft broke competition laws to exclude GNU/Linux from many sub-notebooks (elimination of choice) only to then complain that it was losing money by doing so. It is akin to a burglar breaking into a shop, emptying the register, only to complain to the shopkeeper that there is not “enough” money at the shop and the refrigerator has no soda.

Apple may have recently shoved an unsafe update down your PC’s throat, but the broader problem is Apple, or anyone else, installing any unnecessary program on your PC.

[...]

I didn’t think anything more about it. I don’t install programs I don’t need or plan on testing. Others though did and they discovered that this completely unneeded Apple shovelware for 99.9999% of all users installs not just a configuration program, but the Apache Web server as well. For the tiny number of people who do need it, this lets corporate iPhone users ‘phone’ in to the business Web server for updates.

The chief European critic of Microsoft’s Windows-IE bundling says the company’s proposed web browser ballot screen compromise is a sham, accusing Redmond of packing the screen with “threatening and confusing” questions.

The FSFE has just addressed the European Commission, asking politely that nothing should be done hastily because Microsoft has not complied yet and it continues to reap the benefits of market share it obtained illegally.

High Noon in Brussels. At the end of her term, competition Commissioner Neelie Kroes is wrapping up two open cases against Microsoft. The company offered to settle in July 2009.

FSFE is involved in both cases. We are concerned that the Commission may end up reversing years of successful antitrust work if Neelie Kroes settles for far too little in order to close a deal, any deal. That would mean that Europeans remain stuck with the present Microsoft monopoly in most areas of the desktop. Even worse, that monopoly would have the Commission’s official seal of approval, effectively ruining many years of outstanding work by Ms Kroes and her team.

Microsoft officials notified the company’s partners on September 1 that Microsoft is discontinuing the mobile versions of its Dynamics AX and Dynamics NAV ERP products.

(Word of the move trickled out broadly last Friday, via a report from IDG News Service.)

What is still not clear is why Microsoft officials made the decision to phase out the two products. I asked why Microsoft decided to discontinue the mobile clients for the Dynamics products, but received an answer from a spokesperson that elaborated on the “when,” but omitted the “why.”